fuzz: Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing ("syscall sanitizer") #21538

pull practicalswift wants to merge 2 commits into bitcoin:master from practicalswift:seccomp-bpf-fuzzing changing 33 files +763 −3
  1. practicalswift commented at 10:29 AM on March 28, 2021: contributor

    Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing.

    This PR is based on #20487. Only the last commit is new to this PR.

    Example use:

    $ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz --with-sanitizers=fuzzer --with-syscall-sandbox
$ make
$ FUZZ=example_fuzzing_harness src/test/fuzz/fuzz
…
ERROR: The syscall "socket" (syscall number 41) is not allowed by the syscall sandbox in thread "*unnamed*". Please report. Exiting.
terminate called without an active exception
==27953== ERROR: libFuzzer: deadly signal
…
    [#11](/bitcoin-bitcoin/11/) 0x7f11a5dd0b20 in std::terminate() (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x92b20)
    [#12](/bitcoin-bitcoin/12/) 0x56445a4b8cb7 in (anonymous namespace)::SyscallSandboxDebugSignalHandler(int, siginfo_t*, void*) src/util/syscall_sandbox.cpp:71:5
…
artifact_prefix='./'; Test unit written to ./crash-78657a4e3dda0e9557c5a4f56dd9d19763459865

    In this example use of an unexpected networking syscall (socket) was detected when running the example harness example_fuzzing_harness.

  2. DrahtBot commented at 11:08 AM on March 28, 2021: member

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #22159 (build: Add --enable-trivial-auto-var-init-pattern option by MarcoFalke)
    • #22144 (Randomize message processing peer order by sipa)
    • #21789 (refactor: Remove ::Params() global from CChainState by MarcoFalke)
    • #21763 (test: Run AppInitSanityChecks before all tests by MarcoFalke)
    • #20744 ([POC] Use std::filesystem. Remove Boost Filesystem & System by fanquake)
    • #20487 (Add syscall sandboxing using seccomp-bpf (Linux secure computing mode) by practicalswift)
    • #16365 (Log RPC parameters (arguments) if -debug=rpcparams by LarryRuane)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  3. DrahtBot added the label Build system on Mar 28, 2021
  4. DrahtBot added the label GUI on Mar 28, 2021
  5. DrahtBot added the label P2P on Mar 28, 2021
  6. DrahtBot added the label RPC/REST/ZMQ on Mar 28, 2021
  7. DrahtBot added the label Utils/log/libs on Mar 28, 2021
  8. DrahtBot added the label UTXO Db and Indexes on Mar 28, 2021
  9. DrahtBot added the label Validation on Mar 28, 2021
  10. practicalswift renamed this:
    fuzz: Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing
    fuzz: Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing ("syscall sanitizer")
    on Mar 28, 2021
  11. Umarovm approved
  12. practicalswift force-pushed on Mar 29, 2021
  13. DrahtBot added the label Needs rebase on Apr 13, 2021
  14. practicalswift force-pushed on Apr 27, 2021
  15. DrahtBot removed the label Needs rebase on Apr 27, 2021
  16. practicalswift force-pushed on Apr 28, 2021
  17. DrahtBot commented at 9:32 AM on May 3, 2021: member

    <!--4a62be1de6b64f3ed646cdc7932c8cf5-->

    🕵️ @jonatack @sipa have been requested to review this pull request as specified in the REVIEWERS file.

  18. laanwj removed the label Build system on May 4, 2021
  19. laanwj removed the label GUI on May 4, 2021
  20. laanwj removed the label P2P on May 4, 2021
  21. laanwj removed the label RPC/REST/ZMQ on May 4, 2021
  22. laanwj removed the label UTXO Db and Indexes on May 4, 2021
  23. laanwj removed the label Utils/log/libs on May 4, 2021
  24. laanwj removed the label Validation on May 4, 2021
  25. laanwj added the label Tests on May 4, 2021
  26. DrahtBot added the label Needs rebase on May 5, 2021
  27. practicalswift force-pushed on May 12, 2021
  28. DrahtBot removed the label Needs rebase on May 12, 2021
  29. DrahtBot added the label Needs rebase on May 15, 2021
  30. practicalswift force-pushed on May 15, 2021
  31. DrahtBot removed the label Needs rebase on May 15, 2021
  32. DrahtBot added the label Needs rebase on May 21, 2021
  33. Add syscall sandboxing (seccomp-bpf) 0ea0870e2e
  34. Add fuzzing syscall sandbox: detect use of unexpected syscalls when fuzzing 333374a754
  35. practicalswift force-pushed on May 23, 2021
  36. DrahtBot removed the label Needs rebase on May 23, 2021
  37. practicalswift closed this on Jun 7, 2021
  38. DrahtBot locked this on Aug 18, 2022
Contributors
practicalswiftDrahtBotUmarovm
Labels
Tests
Linked (view graph)
#11 Nolisten patch#12 Monitor transactions and/or blocks#20487 Add syscall sandboxing using seccomp-bpf (Linux secure computing mode)
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-20 00:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me